PW Packet Sniffer

Discussion on PW Packet Sniffer within the PW Hacks, Bots, Cheats, Exploits forum part of the Perfect World category.

Old 11/25/2011, 17:40   #31
 
elite*gold: 0
Join Date: Feb 2010
Posts: 45
Received Thanks: 2
hey dude i got some problem here's

please help me

TOGGLEFLYING($PID)
Local $ITEMTYPEID = MEMREAD($CHAR_DATA_BASE + 1392) << +1392?
what offset its refers to??

i cant find any clue what offset is it since this morning lol

maybe someone can tell me
demond1 is offline  
Old 11/25/2011, 17:45   #32
 
Smurfin's Avatar
 
elite*gold: 0
Join Date: Oct 2008
Posts: 1,243
Received Thanks: 670
yea, it's working on w7 64bit, make sure you follow the step by step instruction and use the correct version of CE, I once had an error about header or something using CE 6.1
Smurfin is offline  
Old 11/25/2011, 20:50   #33
 
Interest07's Avatar
 
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
Quote:
Originally Posted by demond1 View Post
hey dude i got some problem here's

please help me

TOGGLEFLYING($PID)
Local $ITEMTYPEID = MEMREAD($CHAR_DATA_BASE + 1392) << +1392?
what offset its refers to??

i cant find any clue what offset is it since this morning lol

maybe someone can tell me
Its the offset for the itemtype id of your flyer
Interest07 is offline  
Old 11/25/2011, 21:09   #34
 
elite*gold: 0
Join Date: Feb 2010
Posts: 45
Received Thanks: 2
thanx sifu

how i must search with ce?

thats not same with fly offset?

ahhh i knew it,its a fly mount right?
demond1 is offline  
Old 11/25/2011, 22:37   #35
 
asgborges's Avatar
 
elite*gold: 0
Join Date: Dec 2008
Posts: 29
Received Thanks: 54
Quote:
Originally Posted by Interest07 View Post
On Topic:
If you were to use these packets sniffed here, what functions would you use ingame to send them? (Asking before I download this )
Your thread about SendPacket will do the job just good... in fact that function will call the "preassemble" of the packet structure, hence you just have to send the game cmds, not the holy packet..

you can find not all, but most of the game commands sent by the client by finding what calls the SendPacket address ("call 006734C0" last PWI version at 25/11/2011)... but you already know that =]

What I do find intriguing about my recent discoveries was about the packets starting with the OPCODE 93/92... it keeps exchanging sensitive information about the players' computers, for example: what programs you are running atm... I also found what looks like pieces of DLL headers and Lua compiled scripts... and all this makes me wonder WHY?! maybe for controlling the user activity.. maybe to spy on the players.. maybe to steal sensitive information of the users...
anyway.. I'll leave the conspiracy theories with you guys hehe.. just keep your eyes open from now on!



@About the programing languages...
what I would say is... be familiar with and know the minimum necessary of the main dominant languages of the market... and be good at the language of your choice and everything will be fine
Every language has its PROS and CONS...


================================================== ============
Heres small example of SendPacket function...


Sending Deselect cmd:


tested on PWI (last version at 25/11/2011)
asgborges is offline  
Old 11/25/2011, 23:20   #36
 
elite*gold: 0
Join Date: Feb 2010
Posts: 45
Received Thanks: 2
dear asborges

can i found some addres using your tools?

like itemtype id of my flyer ?
demond1 is offline  
Old 11/25/2011, 23:48   #37
 
asgborges's Avatar
 
elite*gold: 0
Join Date: Dec 2008
Posts: 29
Received Thanks: 54
Quote:
Originally Posted by demond1 View Post
dear asborges

can i found some addres using your tools?

like itemtype id of my flyer ?
this Packet Sniffer is not really for this...

but you can easily find programs to Edit/See the Elements.data from the game.. and there you can find ANY id you want..

try "PW EL editor" "PW elements editor" on google



you also can easily get the ID you want by looking at and converting the number ID to HEX using the simple Calculator coming with the Windows
asgborges is offline  
Old 11/26/2011, 00:10   #38
 
elite*gold: 0
Join Date: Feb 2010
Posts: 45
Received Thanks: 2
ok i will try it now

thanx btw for your help =)

i'll report it soon lol
demond1 is offline  
Old 11/26/2011, 00:44   #39
 
elite*gold: 0
Join Date: Mar 2009
Posts: 112
Received Thanks: 123
Quote:
Originally Posted by asgborges View Post
@About the programing languages...
what I would say is... be familiar with and know the minimum necessary of the main dominant languages of the market... and be good at the language of your choice and everything will be fine
Every language has its PROS and CONS...
Sort of what I was trying to say the other day, but it was late and I had a bus to catch

In fact, I'd extend it to say: Know how to programme and language will not matter. If you know how to do that, you can pick up any language and adapt to its syntax rather quickly to put something basic together. You won't be pro at it unless you use it regularly, however most have basic things in common, i.e. objects, variables, control logic, loops, etc...

So really what it comes down to is as simple as knowing how to programme, it's completely language independent, it's a way of thinking and approaching problems, analytically.

Finally to address those that would claim: "I use X language to code in and it can do anything, so stop criticising and don't dismiss it".
The point you are missing is not what can be done, hell some guy wrote http server in postscript for the love of ***, so obviously you can do anything with anything. The point is use what makes the job easier and faster.

As for who uses what, when it all comes to, I couldn't care less. It's all suggestions to help you, not attack you. At the end of the day, it's meant to be fun.
Shareen is offline  
Old 11/26/2011, 03:03   #40
 
Smurfin's Avatar
 
elite*gold: 0
Join Date: Oct 2008
Posts: 1,243
Received Thanks: 670
is there any way to intercept incoming and outgoing packets and tamper with it before it's sent or received ?

[A]-----------------------<->-<->>-<-[B]

A is pw server, B is our PC , > and < are packets, before it reach our Element Client , we hold it hostage first and change the information, after that we release it.

for example I have one million gold deposited into storage/bank, I withdraw it 1 million, the server send me a packet to give me the one million gold, but this packet was captured before it reach the Element Client and the one million gold is then changed to 100 million gold when received.

like in wpepro, I think it has a 'search value' feature in send/receive packet, and modify the packet before it comes/goes.
Smurfin is offline  
Old 11/26/2011, 13:59   #41
 
asgborges's Avatar
 
elite*gold: 0
Join Date: Dec 2008
Posts: 29
Received Thanks: 54
Quote:
Originally Posted by Smurfin View Post
is there any way to intercept incoming and outgoing packets and tamper with it before it's sent or received ?

[A]-----------------------<->-<->>-<-[B]

A is pw server, B is our PC , > and < are packets, before it reach our Element Client , we hold it hostage first and change the information, after that we release it.

for example I have one million gold deposited into storage/bank, I withdraw it 1 million, the server send me a packet to give me the one million gold, but this packet was captured before it reach the Element Client and the one million gold is then changed to 100 million gold when received.

like in wpepro, I think it has a 'search value' feature in send/receive packet, and modify the packet before it comes/goes.
well.. since most of the things are controlled server-side... I suppose it would not do anything good besides changing in-memory values that you can also change with Cheat Engine or MHS...

but it would be interesting changing the client->server packet relative to the movements at least...
BUT.. I'm having a hard time figuring out the right compression method... the one that I have is not working very well... just keep in mind this Packet Sniffer is decrypting/unpacking the packets in real-time... to be able to change back, I'll have to encrypt+pack in case of the server->client packet...
asgborges is offline  
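
Added example (not part of the thread and not the game's own code): a minimal server-authoritative model of the point made in the post above. Balances live on the server, so a rewritten server-to-client reply only changes what the client displays, and client-to-server movement claims can be range-checked. The `Server` class, the field names and `MAX_SPEED` are assumptions made for illustration.

```python
# Added illustration; names, fields and limits are constructed, not the game's protocol.
import math
from dataclasses import dataclass

MAX_SPEED = 10.0  # assumed maximum distance units per second


@dataclass
class Player:
    gold: int = 0
    bank: int = 0
    x: float = 0.0
    y: float = 0.0
    last_ts: float = 0.0


class Server:
    """Holds the only copy of state that counts."""

    def __init__(self):
        self.players = {}

    def withdraw(self, pid, amount):
        p = self.players[pid]
        if isinstance(amount, int) and 0 < amount <= p.bank:
            p.bank -= amount
            p.gold += amount
        # The reply only reports state; the client never reports it back.
        return {"gold": p.gold, "bank": p.bank}

    def buy(self, pid, price):
        p = self.players[pid]
        if not 0 < price <= p.gold:  # checked against server-side gold
            return False
        p.gold -= price
        return True

    def move(self, pid, x, y, ts):
        p = self.players[pid]
        dt = ts - p.last_ts
        if dt <= 0 or math.hypot(x - p.x, y - p.y) > MAX_SPEED * dt:
            return False  # implausible claim: keep the server's position
        p.x, p.y, p.last_ts = x, y, ts
        return True


def demo():
    srv = Server()
    srv.players["B"] = Player(bank=1_000_000)
    reply = srv.withdraw("B", 1_000_000)
    shown = dict(reply, gold=100_000_000)  # reply altered before the client sees it
    bought = srv.buy("B", 50_000_000)      # server still checks its own 1,000,000
    moves = [srv.move("B", 5, 0, 1.0), srv.move("B", 500, 0, 2.0)]
    return shown["gold"], srv.players["B"].gold, bought, moves
```
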
Old 11/26/2011, 15:29   #42
 
Smurfin's Avatar
 
elite*gold: 0
Join Date: Oct 2008
Posts: 1,243
Received Thanks: 670
oh, I see, I thought if it's an incoming packet from the server and modified just before it reached the client, that'd mean the packet's already approved and would change the value for real when it's arrived.


btw is there any packet that indicate a presence of a stealth-ing assassin nearby ? If we're not supposed to see a stealth-ing assassin in the game, maybe we can see it in packets.
Smurfin is offline  
Old 11/26/2011, 15:34   #43
 
Sᴡoosh's Avatar
 
elite*gold: 20
Join Date: May 2009
Posts: 1,290
Received Thanks: 326
You cannot detect stealthed assassins.

@Asgborges : Hooking MPPC decompressor output in client yields good results, ntKid and me have been playing around with that some time ago. Imo hooking the client's functions for sniffing is a lot easier than writing MPPC decomp and rc4 yourself (rc4 being the less troublesome to implement, fairly straightforward in fact and massive amount of snippets for that). Also somebody else who is monitoring these forums, whom I'm not sure if he wants to be named here, has written a ******* awesome proxy for the whole protocol, maybe this person wants to say something to this topic. I'll leave that to you, V.

Cheers
Sᴡoosh is offline  
Old 11/26/2011, 15:59   #44
 
asgborges's Avatar
 
elite*gold: 0
Join Date: Dec 2008
Posts: 29
Received Thanks: 54
Quote:
Originally Posted by Sᴡoosh View Post
@Asgborges : Hooking MPPC decompressor output in client yields good results, ntKid and me have been playing around with that some time ago. Imo hooking the client's functions for sniffing is a lot easier than writing MPPC decomp and rc4 yourself (rc4 being the less troublesome to implement, fairly straightforward in fact and massive amount of snippets for that). Also somebody else who is monitoring these forums, whom I'm not sure if he wants to be named here, has written a ******* awesome proxy for the whole protocol, maybe this person wants to say something to this topic. I'll leave that to you, V.

Cheers
hooking directly to the functions to get what is not encrypted/packed is indeed a good approach.. but it will involve breakpoints, as a result you may have to deal with a regular "freezing" of the client...
this DLL injection that I do with this plugin has the same approach as the WPE... it will hook directly the Send/Recv function from winsock, where I then have to work on the encryption/decompression.. no problem so far, I got the RC4 and the decompression algorithm done...
I'm just having troubles on the compression now, which could allow modifying the packets as Smurfin commented...

I can modify the C2S packets without any problems, because in fact C2S packets are not compressed.. just encrypted...
the problem atm is the S2C packets that require encryption+compression... and the compression algorithm that I found is not doing the job very well...
asgborges is offline  
Old 11/26/2011, 16:28   #45
 
Sᴡoosh's Avatar
 
elite*gold: 20
Join Date: May 2009
Posts: 1,290
Received Thanks: 326
Yeah, C2S is just encrypted, indeed. For the S2C, have you tried ?

I have not looked at compression yet, I have no use for that.

Cheers dude, keep up the nice work^^
Sᴡoosh is offline  